Scratchpad remove docker file

Thank you for your answer. Of course, I enabled root’s ssh to test if the upload would work, I was actually curious if there was any other trick for this under NS8…

However, it would be important information that If I manually edit the config files under firebird, will these changes be lost after restarting the container?

I learned more from these few posts than from the descriptions I’ve been reading for months. Unfortunately, for some reason, they’re not detailed and accurate enough.

Thank you in advance for your answer, of course it is not urgent.

No, with NS8 it depends on the underlying OS/image how ssh is (pre)configured.

Yes, usually changes are lost as it’s intended to configure it using the environment variables. In the dockerfile there’s no volume defined for the firebird.conf, only for the firebird data. So I’d recommend the env vars method just to be sure there are no issues in future releases of the container.
But it’s possible to add a volume for /opt/firebird/ to make it permanent:

podman run \
    --detach --rm --name firebird-app \
    -e FIREBIRD_ROOT_PASSWORD=secret \
    -e FIREBIRD_USER=alice \
    -e FIREBIRD_PASSWORD=secret \
    -e FIREBIRD_DATABASE=mirror.fdb \
    -e FIREBIRD_DATABASE_DEFAULT_CHARSET=UTF8 \
    -v firebird-data:/var/lib/firebird/data:Z \
    -v firebird-config:/opt/firebird:Z \
    -p 3050:3050 \
    firebirdsql/firebird:5.0.2

To edit firebird.conf from scratchpad1 environment:

podman unshare nano /home/scratchpad1/.local/share/containers/storage/volumes/firebird-config/_data/firebird.conf

or as root:

nano /home/scratchpad1/.local/share/containers/storage/volumes/firebird-config/_data/firebird.conf

I think you need to restart the container to apply the changes.

Great example @mrmarkuz , thank you!

I watched this yesterday GitHub - FirebirdSQL/firebird-docker: Docker images for Firebird Database I tried it, but only partially successfully.

As I mentioned, I need to install two firebirds, a 2.5 and a 3.0 version. I tried to separate the installation of the two, so in the command I specified firebird3 for the name, the volume name and the path. I set the volume names without the “Z” character, because I was still working from the github example at the time.

Unfortunately, this was not successful, because the firebird config files were not created in the firebird3-config directory and according to the original example, the mirror.fdb was not created in the data directory either.

This morning I saw the command you copied and tried it, but before that I stopped all the pods running under scratchpad, deleted them (they were unnecessary and I needed a clean scratchpad).

scratchpad1@debian-ns8:~/.config/state$ podman stop firebird3
scratchpad1@debian-ns8:~/.config/state$ podman volume rm --all

Then I ran the given command. It created the firebird-config and firebird-data directories but there is a problem with the permissions of the files in them.

scratchpad1@debian-ns8:~/.config/state$ ls -all /home/scratchpad1/.local/share/containers/storage/volumes/firebird-data/_data 
ls: cannot access '/home/scratchpad1/.local/share/containers/storage/volumes/firebird-data/_data/.': Permission denied 
ls: cannot access '/home/scratchpad1/.local/share/containers/storage/volumes/firebird-data/_data/mirror.fdb': Permission denied 
ls: cannot access '/home/scratchpad1/.local/share/containers/storage/volumes/firebird-data/_data/..': Permission denied 
total 0 
d????????? ? ? ? ?            ? . 
d????????? ? ? ? ?            ? .. 
-????????? ? ? ? ?            ? mirror.fdb

scratchpad1@debian-ns8:~/.config/state$ ls -all /home/scratchpad1/.local/share/containers/storage/volumes/firebird-config/_data 
total 2160 
drwxr-xr-x 8 scratchpad1 scratchpad1    4096 Apr 13 12:22 . 
drwx------ 3 scratchpad1 scratchpad1    4096 Apr 13 12:22 .. 
.......
-rw-rw---- 1      952051      952051     318 Apr 13 12:22 firebird.log 
.......
-rw-rw---- 1      952051      952051 1703936 Apr 13 12:22 security3.fdb

Am I messing this up or is it the podman?

What does the old “Z” character mean when specifying the volume? Is it a drive letter? Is this necessary?

In both your example and the github example, aparancs creates one user. I need two, how can I solve this?

I wouldn’t edit security.fdb because it will probably be overwritten as you wrote. It’s possible that it’s possible with FIREBIRD_USE_LEGACY_AUTH, but I don’t understand that yet. Plus, you need the SYSDBA user…

The z/Z option makes a volume shareable or private, see also --volume, -v=[[SOURCE-VOLUME|HOST-DIR:]CONTAINER-DIR[:OPTIONS]] — Podman documentation

Did you use the same volume for both firebird versions?

Currently, there are two Firebirds running under Nethserver 7. One is Firebird 3, it is installed in the /opt/firebird3 directory, it also has security3.fdb and its databases are in the /var/lib/firebird3/data directory and the systemd script is firebird3.service.

The other is Firebird 2.5, it is installed in the /opt/firebird directory, it also has security2.fdb and its databases are in the /var/lib/firebird/data directory and the systemd script is firebird.service.

For now, I can only run one Firebird, version 3.0.9, under scratchpad, because the other one is installed in the same firebird-config directory (the configs). It doesn’t allow me to set it to something else in the environment, it doesn’t write to the directories.

Two different programs use the two different Firebirds and therefore it would not be a good idea to put their databases in the same directory. It is also not a good idea from a backup perspective, because you have to save with a different version of gbak.

If I try to start firebird with this:

podman run \
    --detach --rm --name firebird3-app \
    -e FIREBIRD_ROOT_PASSWORD=secret \
    -e FIREBIRD_USER=alice \
    -e FIREBIRD_PASSWORD=secret \
    -e FIREBIRD_DATABASE=mirror.fdb \
    -e FIREBIRD_DATABASE_DEFAULT_CHARSET=UTF8 \
    -v firebird3-data:/var/lib/firebird3/data:Z \
    -v firebird3-config:/opt/firebird3:Z \
    -p 3050:3050 \
    firebirdsql/firebird:3.0.9

It creates the volumes but doesn’t write to them, firebird3-config is empty and firebird-data is empty. I have no idea where it wrote the config and created its mirror.fdb. I just think it created it in the temporary directory that is automatically created and deleted on shutdown, but that doesn’t work for me.

Can I create my own user instead of the alice user, but if I have to create two, is that possible? Or if I manage to use the firebird3-config directory, can I put my own security3.fdb there to have my users?

Thank you for your help

In this case firebird3-data is the name of the used local volume and the path is the one inside the firebird container which should still point to /var/lib/firebird/data

It should work like

    -v firebird3-data:/var/lib/firebird/data:Z \
    -v firebird3-config:/opt/firebird:Z \

One user is can be customized using the env vars. I don’t know much about firebird but I found that there’s isql in the container which can be used to manage firebird databases and users.

Enter container:

podman exec -ti firebird-app bash

For example create user3 in mirror.fdb:

echo "CONNECT /var/lib/firebird/data/mirror.fdb; CREATE USER user3 PASSWORD 'password';" | isql

Yes, that should be possible. Just copy it in the containers data volume and correct the owner.

@mrmarkuz Thanks for your help, I seem to be doing well.

I can connect to the mirror.fdb created when I started firebird.
I copied a database to the data directory and when I checked it with the ls -all command in the container (podman exec -ti firebird3-app bash) it was created with owner nobody:nogroup when copied. The owner cannot be changed, the error message is “Permission denied”.

Originally the owner should be firebird:firebird… Could this be a problem with the rootless container? How can I set the owner?

You need to set the owner as root:

chown firebird1:firebird1 /home/scratchpad1/.local/share/containers/storage/volumes/firebird-data/_data/newdatabase.fdb

An alternative method is to use podman cp in the scratchpad environment which sets the correct owner so no chown is needed:

podman cp database.fdb firebird-app:/var/lib/firebird/data/

I’m sorry, but changing the user doesn’t work here as you described.

I upload the file to the data directory with scp:

scp /home/lenovo/Letöltések/data/* root@192.168.1.200:/home/scratchpad1/.local/share/containers/sto
rage/volumes/firebird3-data/_data/

After uploading, the files in the data directory are owned by root (it was uploaded as root):

root@debian-ns8:~# ls -all /home/scratchpad1/.local/share/containers/storage/volumes/firebird3-data/_data/
összesen 559040
drwxr-xr-x 2 952051 952051      4096 ápr   14 19.25 .
drw-r--r-- 4 952051 952051      4096 ápr   14 10.09 ..
-rw-r----- 1 root   root     1466368 ápr   14 19.25 ForGrant.fdb

The files in the data directory should be owned by the firebird user, but under Debian (NS8 op system) there is no firebird1 or firebird user.

root@debian-ns8:~# chown firebird:firebird /home/scratchpad1/.local/share/containers/storage/volumes/firebird3-data/_data/*
chown: invalid user: ”firebird:firebird”

In the firebird3-app pod (container) running under scratchpad, there are only firebird user and group. If I enter the scratchpad and within it the firebird3-app container, the owner of the files in the /var/lib/firebird directory is the firebird user.

root@debian-ns8:~# runagent -m scratchpad1
runagent: [INFO] starting bash -l
runagent: [INFO] working directory: /home/scratchpad1/.config/state
scratchpad1@debian-ns8:~/.config/state$ podman exec -ti firebird3-app bash
root@f8cd6d08f0f6:/# ls -all /var/lib/firebird/data
total 1664
drw-r--r-- 4 firebird firebird    4096 Apr 14 10:09 .
drwxr-xr-x 3 root     root        4096 Apr 11 20:36 ..
-rw-r----- 1 root root 1466368 ápr   14 19.18 ForGrant.fdb

If I want to change the owner of the files from root to firebird here, I get this:

root@f8cd6d08f0f6:/# chown firebird:firebird /var/lib/firebird/data/hessyneszkoz/*
chown: changing ownership of '/var/lib/firebird/data/hessyneszkoz/ForGrant.fdb': Operation not permitted

The same situation occurs if I want to issue the command from scratchpad because there is no firebird or firebird1 user here.

scratchpad1@debian-ns8:~/.config/state$ chown firebird:firebird /home/scratchpad1/.local/share/containers/storage/volumes/firebird3-data/_data/hessyneszkoz/*
chown: invalid user: ‘firebird:firebird’

If I query the file permissions as Debian root, I see this:

root@debian-ns8:~# ls -all /home/scratchpad1/.local/share/containers/storage/volumes/firebird3-data/_data
összesen 4180756
drwxr-xr-x 2 952051 952051     20480 ápr   14 19.20 .
drw-r--r-- 4 scratchpad1 scratchpad1      4096 ápr   14 10.09 ..
-rw-r----- 1 root root 1466368 ápr   14 19.18 ForGrant.fdb

This is interesting because the 952051 user and group ascratchpad are the numeric identifiers of the firebird user and group in the firebird container (pod). Since the database file is owned by root due to the root upload, the only way to change the file owner is here. If I issue the following command as Debian root:

root@debian-ns8:~# chown 952051:952051 /home/scratchpad1/.local/share/containers/storage/volumes/firebird3-data/_data/*

Then the file will be owned by the firebird user in the firebird container (pod) running under scratchpad:

root@f8cd6d08f0f6:/# ls -all /var/lib/firebird/data
total 1664
drw-r--r-- 4 firebird firebird    4096 Apr 14 10:09 .
drwxr-xr-x 3 root     root        4096 Apr 11 20:36 ..
-rw-r----- 1 firebird firebird 1466368 ápr   14 19.18 ForGrant.fdb

This is the only way I found to change the owner of uploaded database files. This problem is mentioned in one of the debian forums as a rootless container problem, but no solution was given. If you know of a simpler solution, please share it with me.

Now that I have managed to upload it, and set up the owner, albeit awkwardly, I will start testing the connection with the program as the next step. Then we will move on…

Thanks for your help @mrmarkuz

This is the best method to do it as root. Sorry, I mixed things up…

No problem, I tried these first, as this would have been the logical solution. It didn’t work, so I had to dig deeper and this is how I found the solution. At least it’s documented in case it’s causing problems for others. :))

In addition to the database files, I uploaded my own security3.fdb, set the owner (as before), restarted the firebird container and tried connecting to one of the databases on localhost with isql.

root@844305bb2e00:/# isql localhost:/var/lib/firebird/data/hessynber/ForGrant.fdb -u user-p passwd

After connecting, I was able to query the database tables, I can say that it works and by uploading my own security3.fdb, the creation of the firebird user was solved.

There is still a lot left to do but to be continued…

I checked the operation of the Firebird server version 3.0.11 running under scratchpad on NS8 and the program we use with the uploaded databases.

The program, Firebird and the databases are all fine, everything is working for now.

We need to figure out how to run Firebird as a Netserver app instead of scratchpad.

Is this possible and if so, how?

Yes, it is possible, check out the development documentation: Modules | NS8 dev manual

I’m trying to create a systemd startup file for firebird-app. The following command maps the configuration of the currently running firebird3-app and prints the contents of the systemd file to be created, but the file is not created:

scratchpad1@debian-ns8:~/.config/state$ podman generate systemd --no-header --container-prefix '' --new firebird3-app

When using podman generate systemd -f, it should have saved it to a file, but I can’t find it anywhere. Where can I find it?

There is no description anywhere, how-to for creating an app, because the ones I have found so far describe the process, but unfortunately, the procedure cannot be repeated based on the description…

I should understand what is described in the developer’s book, but I’m afraid I won’t understand it otherwise…

Can anyone help with this?

Thank you for your help

I think the easiest way is to start with an ns8-kickstart template on GitHub, I’d recommend either the original ns8-kickstart or an adaption of the mariadb template by @stephdl without db: ns8-kickstart-nodb.

This way you could create a new project “ns8-firebird”, adapt the build-images.sh to add the image(s) and the service files in imageroot/systemd/user to run them.

I’d recommend vscode for coding.

Links:

This helps a lot, maybe I don’t have to start from scratch @mrmarkuz

I have a github login, but how can I create a project using Nethserver/ns8-kickstart so I can install it on Nethserver?

I guess I should have access to the repo for the publishing… Or is it possible to install the module on NS8 without it?

Thank you for your help

It’s explained in GitHub - NethServer/ns8-kickstart: NethServer 8 module template

Login to GitHub and click on “Use this template” to create a new repo out of it.

grafik1897×726 137 KB

You change the code and push it to the repo and a GitHub action publishes a package that you can install on NS8 using add-module, see also Quickstart | NS8 dev manual

In this case the name is written without “ns8-”

add-module ghcr.io/steve/firebird:latest 1

Thank you @mrmarkuz

I’ll try, I hope it works.